From d1c9f7eaacdcf137819313bd1a9cd6bba58d278c Mon Sep 17 00:00:00 2001
From: Archit Gupta <archigup@amazon.com>
Date: Thu, 10 Oct 2024 11:23:02 -0700
Subject: [PATCH] Force use of TLS 1.3 in OpenSSL demos

---
 platform/posix/transport/src/openssl_posix.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/platform/posix/transport/src/openssl_posix.c b/platform/posix/transport/src/openssl_posix.c
index 1cfe39a8db..9afe769368 100644
--- a/platform/posix/transport/src/openssl_posix.c
+++ b/platform/posix/transport/src/openssl_posix.c
@@ -631,6 +631,17 @@ OpensslStatus_t Openssl_Connect( NetworkContext_t * pNetworkContext,
         }
     }
 
+    /* Set minimum TLS version. */
+    if( returnStatus == OPENSSL_SUCCESS )
+    {
+        int ret = SSL_CTX_set_min_proto_version( pSslContext, TLS1_3_VERSION );
+        if( ret != 1 )
+        {
+            LogError( ( "Failed to set minimum TLS version to 1.3." ) );
+            returnStatus = OPENSSL_API_ERROR;
+        }
+    }
+
     /* Setup credentials. */
     if( returnStatus == OPENSSL_SUCCESS )
     {